Wednesday, September 06, 2006

Hezbollah's use of Unmanned Aerial Vehicles - UAVs

According to the common wisdom, terrorists -- or let's just say opposing political factions -- weren't supposed to be capable of owning and using unmanned aerial vehicles in war conflicts, but only able to wage guerilla warfare, thus balancing the unequal forces in a conflict. Seems like Hezbollah are indeed capable of owning and using UAVs, as Israel recently shot down yet another one :

"Israeli aircraft shot down an unmanned spy plane launched by the Lebanese guerrilla group Hizbollah as it entered Israeli territory on Monday, the Israeli army said. The drone was spotted by the air force's monitoring unit and fighter planes were scrambled to intercept it, an Israeli military spokesman said. The spokesman said a fighter plane shot the drone down 10 km (six miles) off Israel's coast, northwest of the city of Haifa. "The current assessment is that it was headed further south, we do not know exactly for what purpose," the spokesman said. An Israeli military source added that it was an Iranian-made drone with a range of about 150 km."

Go through an in-depth post at DefenseTech, and Eugene Miasnikov's report on Threat of Terrorism Using Unmanned Aerial Vehicles: Technical Aspects, which :

"assesses the technical possibility of UAV use as a delivery means for terrorists. The analysis shows that such a threat does exist and that it will grow. The author also considers areas that require higher attention from government agencies. This report is also targeted at the Russian public. Terrorist activity can be prevented only through the coordinated efforts of the government and civil society. The government cannot efficiently fight terrorists without the active involvement of the population. The first step toward creating such an alliance is to recognize the threat and its potential consequences."

So what's next once reconnaissance is taken care of and timely intelligence gathered? UCAVs in the long term, of course. Nothing's impossible, the impossible just takes a little while!

HP Spying on Board of Directors' Phone Records

Whether out of healthy paranoia, or because of a series of detailed leaks to the press on HP's long term strategy, HP's chairwoman hired experts who obtained access to the call histories of the board of directors' home and cell phone communications, suspecting possible insiders :

"Last January, the online technology site CNET published an article about the long-term strategy at HP, the company ranked No. 11 in the Fortune 500. While the piece was upbeat, it quoted an anonymous HP source and contained information that only could have come from a director. HP’s chairwoman, Patricia Dunn, told another director she wanted to know who it was; she was fed up with ongoing leaks to the media going back to CEO Carly Fiorina’s tumultuous tenure that ended in early 2005. According to an internal HP e-mail, Dunn then took the extraordinary step of authorizing a team of independent electronic-security experts to spy on the January 2006 communications of the other 10 directors-not the records of calls (or e-mails) from HP itself, but the records of phone calls made from personal accounts. That meant calls from the directors’ home and their private cell phones."

The case highlights that :
- Classification programs, as a type of protection, are rarely utilized by companies aiming to balance the trade-off of achieving productivity while keeping the left hand from knowing what the right is doing when necessary -- remember it's the HP way and management by open spaces that made the company what it is today
- Didn't bother to disinform suspicious parties and decoy them, thus limiting the circle of "suspects"
- Didn't build transparency into the process, and that's just starting to make an impact
- It's shortsighted thinking on whether the information defined as leaked wasn't easy to construct from public sources, or whether the internal changes weren't already spotted by industry analysts
- They're about to lose their current talented HR, and the one that was about to join HP. Soft HR dollars are at stake, as I can imagine what the fate of an HP blogger will be if that's how board members treat each other

Here's the article of question, and what provoked this to happen :

"According to the source, HP is considering making more acquisitions in the infrastructure software arena. Those acquisitions would include security software companies, storage software makers and software companies that serve the blade server market. The acquisitions would dovetail with HP's growth plans for its Technology Systems Group, which has already bought companies such as AppIQ for storage management. Hurd has previously said market trends indicate a movement away from mainframe computers and a shift to blade servers, as well as virtualized storage. HP is likely to follow those trends. Meanwhile, in HP's Imaging & Printing Group, the long-term plan to develop commercial printers is likely to continue. "We want to develop the next Heidelberg press," the source said. Of course, HP said basically the same thing back in 2002."

In a previous post, When Financial and Information Security Risks are Supposed to Intersect, I commented on Morgan Stanley's case of knowing who did what, and the growing enforcement of security policies, thus firing employees violating them by forwarding sensitive information to home email accounts. But with the media trying to generate buzz while keeping it objective by mentioning its "sources" and putting the emphasis on an "inside company source", no wonder HP is thinking insiders, rather than talkative directors who, when asked whether the Sun comes up in the morning and goes down in the evening, would think twice before answering -- and question the question itself!

Privacy monster courtesy of the EFF.

Related resources and posts:
Espionage
Insider
Wiretapping
Surveillance
Smoking Emails
Insider Competition in the Defense Industry
Espionage Ghosts Busters

Tuesday, September 05, 2006

Benefits of Open Source Intelligence - OSINT

Surprisingly, Forbes, the homepage for the world's business leaders -- and wannabe ones -- has a well written article on Open Source Intelligence you might find informative :

"How can we use this to reform intelligence? I suggest we create a national Open Source Agency. Half of the money earmarked for the agency would go toward traditional intelligence work. The other half would provide for 50 state-wide Citizen Intelligence Networks, including a 24/7 watch center, where citizens can both obtain and input information. We could establish new emergency intelligence phone numbers--think 119 instead of 911--allowing any housewife, cab driver or delivery boy to contribute to our national security. All they have to do is be alert, and if they see something, take a cell phone photograph and send it in with a text message. If three different people notice the same suspicious person taking photographs of a nuclear plant, for instance, it could be hugely important. The system could even evolve to automatically mobilize emergency workers or warn citizens. Imagine if after people alerted the network about a roadside car bomb, it automatically sent text messages to every phone in the immediate area, warning people to stay away."

Collective intelligence, wisdom of crowds -- Web users were supposed to virtually patrol the U.S border once -- all of it is driving Web 2.0; trouble is, so is paranoia, and all paranoid people need is a platform to spread it further, but the article emphasises how educated citizens can be the best defense. The benefits of OSINT, according to the CIA themselves, are based on :

Speed: When a crisis erupts in some distant part of the globe, in an area where established intelligence assets are thin, intelligence analysts and policymakers alike will often turn first to the television set and Internet.

Quantity: There are far more bloggers, journalists, pundits, television reporters, and think-tankers in the world than there are case officers. While two or three of the latter may, with good agents, beat the legions of open reporters by their access to secrets, the odds are good that the composite bits of information assembled from the many can often approach, match, or even surpass the classified reporting of the few.

Quality: As noted above, duped intelligence officers at times produce reports based on newspaper clippings and agent fabrications. Such reports are inferior to open sources untainted by agent lies.

Clarity: An analyst or policymaker often finds even accurate HUMINT a problem. For example, when an officer of the CIA’s Directorate of Intelligence (DI), reads a report on a foreign leader based on “a source of unproven reliability,” or words to that effect, the dilemma is clear. Yet, the problem remains with a report from a “reliable source.” Who is that? The leader’s defense minister? The defense minister’s brother? The mistress of the defense minister’s brother’s cousin? The DI analyst will likely never know, for officers of the Directorate of Operations (DO) closely guard their sources and methods. This lack of clarity reportedly contributed, for example, to the Iraqi WMD debacle in 2002-03. The DO reportedly described a single source in various ways, which may have misled DI analysts into believing that they had a strong case built on multiple sources for the existence of Iraqi weapons of mass destruction. With open information, sources are often unclear. With secrets, they almost always are.

Ease of use: Secrets, hidden behind classifications, compartments, and special access programs, are difficult to share with policymakers and even fellow intelligence officers. All officials may read OSINT.

Cost: A reconnaissance satellite, developed, launched, and maintained at a cost of billions of dollars, can provide images of a weapons factory’s roof or a submarine’s hull. A foreign magazine, with an annual subscription cost of $100, may include photographs of that factory’s floor or that submarine’s interior.

Meanwhile, intelligence analysts are putting effort into sharing their data and data mining the web and social networking sites, which is both cost-effective and can act as an early warning system for important events. Despite technological innovations, a blogger in an adversary's country can often unknowingly act as a HUMINT source of first-hand information -- reaching democracy-minded individuals behind regimes through malware is yet another possibility. Tracking down terrorist propaganda and communications on the Internet has already reached a high level of efficiency, mainly because of the use of open source intelligence and web crawling of the known bad neighborhoods ever since 2001.

Related resources and posts:
Intelligence
OSINT
IP cloaking and competitive intelligence/disinformation
Terrorist Social Network Analysis

Monday, September 04, 2006

Stealth Satellites Developments Source Book

You can't hijack, intercept or hide from what you don't see or don't know is there, and stealthy satellites are going to get even more attention in the ongoing weaponization of space and the emerging space warfare arms race. Here's a huge compilation of articles and news items related to the development of stealthy satellites. An excerpt from an article within :

"The United States is building a new generation of spy satellites designed to orbit undetected, in a highly classified program that has provoked opposition in closed congressional sessions where lawmakers have questioned its necessity and rapidly escalating price, according to U.S. officials. The previously undisclosed effort has almost doubled in projected cost -- from $5 billion to nearly $9.5 billion, officials said. The National Reconnaissance Office, which manages spy satellite programs, has already spent hundreds of millions of dollars on the program, officials said. The stealth satellite, which would probably become the largest single-item expenditure in the $40 billion intelligence budget, is to be launched in the next five years and is meant to replace an existing stealth satellite, according to officials. Non-stealth satellites can be tracked and their orbits can be predicted, allowing countries to attempt to hide weapons or troop movements on the ground when they are overhead. Opponents of the new program, however, argue that the satellite is no longer a good match against today's adversaries: terrorists seeking small quantities of illicit weapons, or countries such as North Korea and Iran, which are believed to have placed their nuclear weapons programs underground and inside buildings specifically to avoid detection from spy satellites and aircraft."

Issues to keep in mind :
- pre-launch leak in today's OSINT world
- synchronization with HUMINT, SIGINT, OSINT gathered data to avoid deception, some developments are right there under your nose
- amateur radio and satellite enthusiasts outwitting the stealthiness as it always happens
- win-win IMINT sharing between countries can often cover the full spectrum, dependability is of course an issue

Related resources and posts:
Defense
Satellite
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems
Open Source North Korean IMINT Reloaded

Zero Day Initiative Upcoming Zero Day Vulnerabilities

Details on a dozen "upcoming zero day vulnerabilities" are emerging from TippingPoint's Zero Day Initiative :

"Over the past year, the most resounding suggestion from our Zero Day Initiative researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero day vulnerabilities. The following is a list of vulnerabilities discovered by researchers enrolled in the Zero Day Initiative that have yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, TippingPoint customers are protected from exploitation by IPS filters delivered ahead of public disclosure. A list of published advisories is also available."

Note the time from vulnerability reporting to patch on some vendors:

ZDI-CAN-041 -- Computer Associates -- High -- 2006.04.07, 144 days ago
ZDI-CAN-042 -- Adobe -- High -- 2006.04.07, 144 days ago
ZDI-CAN-046 -- Computer Associates -- High -- 2006.04.07, 144 days ago
ZDI-CAN-061 -- Microsoft -- High -- 2006.06.14, 76 days ago

Don't be in a hurry to blame the vendors: in between dealing with these zero day vulnerabilities, they're all providing patches for the emerging ones, that is, those that get the highest publicity and make the headlines so actively that there's no other way but dedicating product development time to quality assurance. Keep in mind that, even though vendors are still working on fixing these, apparently TippingPoint's IPS customers are protected -- they're aware of these exploits. Excluding the vendor dependability issue, and the fact that ZDI is indisputably turning into an HR-on-demand think-tank for vulnerability research, I discussed some of the issues regarding the possible motivation of the vulnerability infomediaries and what to keep in mind in a previous post :

- trying to attract the most talented researchers, instead of having them turn to the dark side? I doubt they are that much socially oriented, but still it's an option?

- ensuring the proactive security of its customers through first notifying them, and then the general public? That doesn't necessarily secure the Internet, and sort of provides the clientele with a false feeling of security: "what if" a (malicious) vulnerability researcher doesn't cooperate with iDefense, and instead sells an 0day to a competitor? Would the vendor's IPS protect against a threat like that too?

- fighting against the permanent opportunity of another 0day, gaining only a temporary momentum advantage?

- improving the company's clients list through constant collaboration with leading vendors while communicating a vulnerability in their software products?

Diversify your infrastructure to minimize the damages due to zero day outbreaks, ensure end users are privileged as much as they need, do your homework, camouflage and implement early warning systems/decoys, and yes, keep track of your assets and ensure they're already protected from what's known to be their vulnerability. Responsible disclosure is the socially oriented approach, trouble is the Internet itself is a capitalistic society with basic market forces.

Related posts:

Was the WMF vulnerability purchased for $4000?!
0bay - how realistic is the market for security vulnerabilities?
Scientifically Predicting Software Vulnerabilities

Sunday, September 03, 2006

Chinese Hackers Attacking U.S Department of Defense Networks

This may prove to be an informative forum, and I feel that the quality of the questions and the discussion facilitator's insights into the topic -- as a matter of fact GCN has proven a reliable source on the topic -- will be my benchmark for a provocative many-to-many discussion.

Here are my questions :

- Despite PRC's growing Internet population and military thinking greatly emphasizing the pros of information/cyber warfare -- the concepts copied from the U.S, combined with Sun Tzu's mode of thinking and attitude, may indeed prove a dangerous combination -- I find it a bit more complex an issue, as: "Let's not forget the use and abuse of island hopping points fueling further tensions in key regions and abusing the momentum itself; physically locating a network device in the future IPv6 network space is of key interest to all parties." China's growing Internet population results in lots of already infected malware hosts that could easily act as stepping stones for third-parties.

My point : Is it a geopolitical tension engineering, or an active doctrine already in implementation?

- If it's indeed a Red Storm Rising, what's North Korea's place in the situation, could it be North Korea engineering and impersonating China's cyber forces thus helping the enemies of its enemies?

- How significant is the threat from actual PRC cyber warfare divisions, compared to utilizing the masses of script kiddies and promoting -- and not prosecuting attacks on foreign adversaries -- hacking activities? Script kiddies pretending to be l33t, or cyber warfare divisions using retro techniques to disinform on the actual state of military preparedness? The rise of intellectual property theft worms that I discussed, especially Myfip, has been connected with the Titan Rain attacks on military networks, but this can be so easily engineered to point wherever you want it to :

"Myfip doesn't spread back out via the Simple Mail Transfer Protocol (SMTP). "There is no code in the worm to do this," the report said. "From certain key headers in the message, we can tell that the attachment was sent directly to [users]." One element that stands out is that Myfip e-mails always have one of two X-Mailer headers: X-Mailer: FoxMail 4.0 beta 2 [cn] and X-Mailer: FoxMail 3.11 Release [cn]. Also, it always uses the same MIME boundary tag: _NextPart_2rfkindysadvnqw3nerasdf. "These are signs of a frequently-seen Chinese spamtool…," the report said. Stewart said his team was easily able to trace the source of Myfip and its variants. "They barely make any effort to cover their tracks," he said. And in each case, the road leads back to China. Every IP address involved in the scheme, from the originating SMTP hosts to the "document collector" hosts, are all based there, mostly in the Tianjin province."

- Where does the real threat come from exactly? Hackers reading unclassified but sensitive clerk's emails thus exposing the network's design and gathering intelligence for the future "momentum", or the use of PSYOPS online? How is the second measured as a key foundation for successful information warfare battle?

- Is it state-sponsored espionage and cyber warfare practices, or mainland hacktivists, perhaps even hired third-party guns?
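As an added example (not code from the original post or from the quoted report), here is a Python check that applies the two Myfip mail indicators quoted above -- the two X-Mailer values and the fixed MIME boundary tag -- to raw messages. The sample messages are constructed for illustration; the report says both indicators are always present, so only a message matching both is treated as a full match.

```python
import email
from email import policy

# Indicator values quoted in the report excerpt above.
MYFIP_XMAILERS = {"FoxMail 4.0 beta 2 [cn]", "FoxMail 3.11 Release [cn]"}
MYFIP_BOUNDARY = "_NextPart_2rfkindysadvnqw3nerasdf"


def myfip_indicators(raw_message: str) -> dict:
    """Report which of the two header indicators a raw RFC 822 message carries."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    xmailer = str(msg.get("X-Mailer", "")).strip()
    boundary = msg.get_boundary() or ""   # None for non-multipart mail
    return {
        "xmailer_match": xmailer in MYFIP_XMAILERS,
        "boundary_match": boundary == MYFIP_BOUNDARY,
    }


def classify(raw_message: str) -> str:
    """'match' when both indicators hit, 'partial' for one, 'none' otherwise."""
    hits = sum(myfip_indicators(raw_message).values())
    return {2: "match", 1: "partial"}.get(hits, "none")


# Constructed sample messages (not captured mail). The first reuses the
# page's indicator values; the others use made-up mailer and boundary names.
SUSPECT_MSG = """\
From: sender@example.invalid
To: target@example.invalid
Subject: document
X-Mailer: FoxMail 4.0 beta 2 [cn]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_2rfkindysadvnqw3nerasdf"

--_NextPart_2rfkindysadvnqw3nerasdf
Content-Type: text/plain

see attached
--_NextPart_2rfkindysadvnqw3nerasdf--
"""

BENIGN_MSG = """\
From: colleague@example.invalid
To: target@example.invalid
Subject: minutes
X-Mailer: Example Mailer 1.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_1234"

------=_Part_1234
Content-Type: text/plain

notes
------=_Part_1234--
"""

# Boundary matches but the X-Mailer header is missing: only a partial hit.
PARTIAL_MSG = SUSPECT_MSG.replace("X-Mailer: FoxMail 4.0 beta 2 [cn]\n", "")

if __name__ == "__main__":
    for name, raw in [("suspect", SUSPECT_MSG), ("benign", BENIGN_MSG), ("partial", PARTIAL_MSG)]:
        print(name, classify(raw), myfip_indicators(raw))
```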

Image courtesy of Chinese hacktivists diversifying their attacks and causing more noise during the U.S/China cyber skirmish.

Related resources and posts:
Cyber Warfare
Information Warfare
Hacktivism Tensions - Israel vs Palestine Cyberwars
Cyber War Strategies and Tactics
Who's who in Cyber Warfare?